DoS Vulnerability in ClamAV Affects InstallShield File Format Parsing
CVE-2026-20216

7.5 HIGH

Key Information:

Vendor: Cisco

CVE Published: 1 July 2026

Badges

👾 Exploit Exists

What is CVE-2026-20216?

A flaw in the InstallShield file format parser within ClamAV allows unauthorized remote attackers to initiate a Denial of Service (DoS) condition. This vulnerability arises from improper management of temporary resources during file scanning processes. By submitting a specially crafted InstallShield file for scanning, an attacker can disrupt the ClamAV scanning service, leading to a temporary exhaustion of system resources and potential unavailability of the service.

Affected Version(s)

Cisco Secure Endpoint 7.0.5

Cisco Secure Endpoint 6.2.19

Cisco Secure Endpoint 7.3.3

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
